General
-
Target
0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
-
Size
627KB
-
Sample
221125-vjabvsfa4t
-
MD5
f72f0bd4740a5bf40302898abb26648e
-
SHA1
a829f08134ccc32ea00b9169b2a0ad853e26f55d
-
SHA256
0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
-
SHA512
e4186448cecb97eddeafe25092b6654eef0e00743d39e1c4322c62eeb6b552fd16d274e7c9bc217791b414b14a29746cd261ad742a587e106f859b96e4f325b4
-
SSDEEP
12288:L0hcCkjICIT47WQCVq6duV5O1GFk6hl+0uTrAQQ132arcj/GVeWN/Wzj:YhuQIWQCYquTO0Fk6hc0uT43NycO
Malware Config
Targets
-
-
Target
0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
-
Size
627KB
-
MD5
f72f0bd4740a5bf40302898abb26648e
-
SHA1
a829f08134ccc32ea00b9169b2a0ad853e26f55d
-
SHA256
0c903e996cfd8cf1d1e89a4f5f954a0f4a3211e3b6ffc54af6f7ebb719945dfd
-
SHA512
e4186448cecb97eddeafe25092b6654eef0e00743d39e1c4322c62eeb6b552fd16d274e7c9bc217791b414b14a29746cd261ad742a587e106f859b96e4f325b4
-
SSDEEP
12288:L0hcCkjICIT47WQCVq6duV5O1GFk6hl+0uTrAQQ132arcj/GVeWN/Wzj:YhuQIWQCYquTO0Fk6hc0uT43NycO
Score10/10-
HawkEye
HawkEye is a malware kit that has seen continuous development since at least 2013.
-
NirSoft MailPassView
Password recovery tool for various email clients
-
NirSoft WebBrowserPassView
Password recovery tool for various web browsers
-
Nirsoft
-
Executes dropped EXE
-
Checks computer location settings
Looks up country code configured in the registry, likely geofence.
-
Deletes itself
-
Loads dropped DLL
-
Reads user/profile data of web browsers
Infostealers often target stored browser data, which can include saved credentials etc.
-
Uses the VBS compiler for execution
-
Accesses Microsoft Outlook accounts
-
Adds Run key to start application
-
Looks up external IP address via web service
Uses a legitimate IP lookup service to find the infected system's external IP.
-
Suspicious use of SetThreadContext
-